I have gone through the CUCM Security guide and a few more docs. I have not been able to find the answers to all the questions anywhere. I need your help finding answers to the questions colored green.
Scenario - At this moment VoIP is not encrypted (CUCM 6.1 with around 1000 devices). The customer is going to set up a Windows-PKI and they already want to know what specifications Cisco is demanding from such a PKI (so that they can later easily integrate their Cisco VoIP solution in their 'new' network).
What encryption lengths are supported (2048 or 4096 bit)?
- Based on CUCM security docs it appears to be 512, 1024 or 2048
[My Answer] This answer is correct. Here’s the information from the CUCM 7.x Security Guide:
(Page 84) Key Size - For this setting that is used for CAPF, choose the key size for the certificate from the drop-down list box. The default setting equals 1024. Other options include 512 and 2048.
What hash algorithms are supported (SHA-1, SHA-256, SHA-512, ...)?
- Based on the CUCM Admin guide I was only able to find SHA-1 and MD-5
[My Answer] This is also true. MD5 is used as a hash function which is used with encryption. SHA-1 hashed password and PIN in credential table for end users. 1024-bit RSA public keys, digital signatures use SHA-1 with RSA.
Need answer to these 4 questions:
How long can the certificate chain be (how many different levels are supported)?
How can you get certificates on end devices which aren't part of an Active Directory?
How do you 'connect' a Cisco Telephony system to a Windows-PKI?
Is there a checklist in which the points which should be considered are specified?
Please share your opinions. Any help would be appreciated.
Thanks & Regards,
Technology Solutions Network